News
10/23/2015
12:05 PM
Lisa Morgan
Lisa Morgan
Slideshows
Connect Directly
Twitter
RSS
E-Mail

9 Ways To Bulletproof Your Privacy Policy

Is your privacy policy rock solid, or could it use some work? Mistakes can mean lawsuits, regulatory fines, and damage to corporate reputations. Here's how to protect your company.



(Image: tigerlily713 via Pixabay

(Image: tigerlily713 via Pixabay

Any company that collects, stores, and uses personal information should have a privacy policy. However, not all privacy policies are created equal.

Although many privacy policies may look the same, the riskiest ones fail to reflect what the company actually does. These can expose the organization to potential regulatory audits, fines, lawsuits, and reputational harm. To reduce the risks associated with such disconnects, businesses should spend more time thinking about -- and operationalizing -- their protection of sensitive data.

However, many organizations don't take their privacy policies seriously enough, as evidenced by the growing number of data breaches and the increasing amount of regulatory oversight.

[ What's your disaster response plan? Read Crisis Response: 6 Ways Big Data Can Help. ]

"If the regulators fined everyone for failing to follow certain regulated procedures, they'd have to fine everybody because nobody does it right," said Walter O'Brien, in an interview. He's founder and CEO of Scorpion Computer Services, the real-life company (with a real live person) upon which CBS's Scorpion TV show is based. "They'd be fining 99% of the industry, and there would be an uproar," said O'Brien. "There should be an uproar. You don't sue Wells Fargo every time it gets hacked."

Toothless privacy policies are common. In June 2015, the Online Trust Alliance (OTA) audited the security, privacy, and consumer protection practices of approximately 1,000 companies, all of which are the leading organizations in their respective industries. They included the top Internet retailers, banks, US federal government sites, social networking and sharing sites, news and media companies, Internet of Things providers, and OTA members. Forty-five percent failed to protect consumers and their data from harm and online threats. Forty-four percent made OTA's "Honor Roll" because they achieved a weighted score of 80 or better on a scale of 1–100, based on 50 different data points. When the OTA audited the top 23 presidential candidates in September 2015, it found that 74% failed because of their privacy policies.

"The FTC has been very aggressively prosecuting companies that don't really do what they say or say what they do," said Jim Adler, in an interview. "Where companies go sideways is not so much what they say, but whether they can live up to what they're saying." Adler is chief security officer at big data analytics company Metanautix and member of The Department of Homeland Security Data Privacy and Integrity Advisory Committee.

To minimize your own company's risks, consider these nine pointers.

Lisa Morgan is a freelance writer who covers big data and BI for InformationWeek. She has contributed articles, reports, and other types of content to various publications and sites ranging from SD Times to the Economist Intelligent Unit. Frequent areas of coverage include ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2019 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service